CVE-2026-53474 Migration-planner: second-order sql injection via rvtools upload

A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...

CVE-2026-44716 Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

CVE-2026-44716

Pipecat AI’s CVE-2026-44716 describes a path-traversal vulnerability in the Pipecat runner's GET /files/{filename:path} endpoint when started with --folder. The filename is joined to the base folder without containment checks, and percent-encoded slashes (e.g., ..%2F..%2F) bypass URL normalisatio...

CVE-2026-44716 Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

CVE-2026-47960

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

CVE-2026-47960 ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

CVE-2026-47909

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

CVE-2026-47910

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

CVE-2026-47907

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

CVE-2026-47909 Dreamweaver Desktop | Improper Input Validation (CWE-20)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

EUVD-2026-35806

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

CVE-2026-47909 Dreamweaver Desktop | Improper Input Validation (CWE-20)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

CVE-2026-47910 Dreamweaver Desktop | Incorrect Authorization (CWE-863)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

EUVD-2026-35805

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

CVE-2026-47910

Dreamweaver Desktop (Windows/macOS)

CVE-2026-47910 Dreamweaver Desktop | Incorrect Authorization (CWE-863)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

CVE-2026-47907

Dreamweaver Desktop (Windows/macOS) version 21.7 and earlier is affected by an Improper Access Control vulnerability that permits arbitrary file system read outside the intended scope. The root cause is an access-control weakness that allows an attacker to access sensitive files and directories i...

CVE-2026-47907 Dreamweaver Desktop | Improper Access Control (CWE-284)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

CVE-2026-47907 Dreamweaver Desktop | Improper Access Control (CWE-284)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

EUVD-2026-35804

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...